Scarce regulatory resources: tactical enforcement and hybrid data governance in the cloud

By Dr Asma Vranaki, Lecturer in Law (University of Bristol Law School).

© Ben O’Bryan

European data protection authorities (EU DPAs) play crucial roles in protecting personal data rights. However, many EU DPAs do not have adequate access to resources in order to be effective data privacy protectors. Although the data privacy law literature recognizes that many EU DPAs operate within such constraints, to date, there has been a dearth of empirical studies on how limited resources can impact on enforcement. A new article* makes a modest attempt to address this empirical gap by analysing selected empirical findings of a recent project which examined the investigations of multinational cloud providers by EU DPAs (Cloud Investigations).

This article draws on the fields of socio-legal studies and regulation to interpret these empirical findings and advances three arguments. First, due to their fiscal constraints, some EU DPAs often have to make tactical enforcement decisions about initiating Cloud Investigations as well as the foci and methods of Cloud Investigations. The decision-making process can be very complex for some EU DPAs as they have to not only consider but also at times balance a broad range of factors including external pressures, law and enforcement styles. Second, hybrid forms of data governance can often emerge during Cloud Investigations as EU DPAs delegate their regulatory tasks to private and governmental (other than EU DPAs) actors due to the limited resources. Finally, this article suggests that hybrid data governance needs to be carefully designed in order to ensure effective and robust data governance. Suggestions are made on how the ‘regulatory space’ can be designed in order to promote accountability, trust, robust data protection and effective multi-actor collaboration.

* This article is derived from the work which Dr Vranaki undertook for the ‘Accountability for Cloud’ research project which was funded by the European Commission Seventh Framework Programme. It can be freely downloaded from https://www.researchgate.net/publication/325451273_Scarce_regulatory_resources_tactical_enforcement_and_hybrid_data_governance_in_the_cloud.

From the “Democratic Deficit” to a “Democratic Surplus”: Constructing Administrative Democracy in Europe

By Dr Athanasios Psygkas, Lecturer in Law (University of Bristol).

When academics, policymakers, media commentators, and citizens talk about a European Union (EU) “democratic deficit,” they often miss part of the story. My new book, From the “Democratic Deficit” to a “Democratic Surplus”: Constructing Administrative Democracy in Europe (Oxford University Press, 2017), challenges the conventional narrative of an EU “democratic deficit.” It argues that EU mandates have enhanced the democratic accountability of national regulatory agencies by creating entry points for stakeholder participation in national regulation. These avenues for public participation were formerly either not open or not institutionalized to this degree.

By focusing on how the EU formally adopted procedural mandates to advance the substantive goal of creating an internal market in electronic communications, I demonstrate that EU requirements have had significant implications for administrative governance in the member states. Drawing on theoretical arguments in favor of decentralization traditionally applied to substantive policy-making, the book illustrates how the decentralized EU structure may transform national regulatory authorities into individual sites of experimentation and innovation. It thus contributes to debates about federalism, governance and public policy, as well as about deliberative and participatory democracy in the United States and Europe. (more…)